Vulnerabilities > Yokogawa > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2022-22145 | Resource Exhaustion vulnerability in Yokogawa products CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. | 8.1 |
2022-03-11 | CVE-2022-22148 | Incorrect Permission Assignment for Critical Resource vulnerability in Yokogawa products 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. | 7.8 |
2022-03-11 | CVE-2022-22151 | Improper Encoding or Escaping of Output vulnerability in Yokogawa products CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.1 |
2022-03-11 | CVE-2022-22729 | Improper Authentication vulnerability in Yokogawa products CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. | 8.8 |
2022-03-11 | CVE-2022-23401 | Uncontrolled Search Path Element vulnerability in Yokogawa products The following Yokogawa Electric products contain insecure DLL loading issues. | 7.8 |
2019-12-26 | CVE-2019-6008 | Unquoted Search Path or Element vulnerability in Yokogawa products An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. | 7.8 |
2019-01-09 | CVE-2018-16196 | Improper Input Validation vulnerability in Yokogawa products Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. | 7.5 |
2018-10-12 | CVE-2018-17898 | Resource Exhaustion vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. | 7.5 |
2018-10-12 | CVE-2018-17896 | Use of Hard-coded Credentials vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. | 8.1 |
2016-09-19 | CVE-2016-4860 | Improper Authentication vulnerability in Yokogawa Stardom Fcn/Fcj Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command. | 7.3 |